If anyone here uses the http://www.textpattern.com/ blog system, I've added support for self-hosted Yubikey authentication. It does not use Yubico's server, but instead your own MySQL database. It is a proof-of-concept for the yubico-php-lib and its MySQL support.
I am using this on my site to log in, and it works great. There is no administration front-end yet, so you have to create tables and edit user Yubikey info with SQL or a separate frontend such as phpMyAdmin. To support this, I started writing MySQL support for my YubiAuthenticator system (http://code.google.com/p/yubico-php-lib/). You can download the modified txp_auth.php at http://www.jwoltman.net/downloads/txp_auth.zip. It goes in textpattern/include/.
Here's the SQL to create the table (public id is modhex, private is hex, AES key is hex):
Code:
CREATE TABLE `yubikeys` (
  `username` varchar(32) NOT NULL,
  `yu_public_id` varchar(32) NOT NULL,
  `yu_private_id` varchar(64) NOT NULL,
  `yu_aes_key` varchar(128) NOT NULL,
  `yu_counter` int(11) default NULL,
  `yu_timestamp` int(11) default NULL,
  `yu_server_timestamp` int(11) default NULL,
  PRIMARY KEY (`username`)
);
Note: Authenticating to your own system is good if you're willing to give up Yubico's own authentication. This is okay for me, and probably for companies who are going to work with Yubikeys. In my personal system I have multiple client applications (phpMyID, Textpattern, and in the future Windows XP) authenticating to a single database, so I don't mind if my Yubikey data does not match that of Yubico.
I'm sure it'd be trivial to add "normal" Yubico.com support to TxP. If someone is interested, I will look into it.
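How the columns of the table above take part in a self-hosted check, as an added example that is not part of the original post and not code from yubico-php-lib or txp_auth.php (Python is used here only so the logic runs stand-alone). It assumes the standard 44-character Yubikey OTP layout, that the 16-byte ciphertext has already been decrypted with the row's `yu_aes_key` by an AES library, and that `yu_counter` stores the session counter and session-use byte combined into one integer; the function names and sample values are constructed for illustration.

```python
import struct

MODHEX, HEX = "cbdefghijklnrtuv", "0123456789abcdef"
CRC_OK_RESIDUE = 0xF0B8  # CRC-16 of any intact 16-byte token

def modhex_to_hex(s):
    """Translate modhex, as emitted by the key, into ordinary hex."""
    return s.lower().translate(str.maketrans(MODHEX, HEX))

def crc16(data):
    """CRC-16 (reflected polynomial 0x8408, initial value 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def split_otp(otp):
    """44 modhex chars: 12 of public ID, then 32 of AES-128 ciphertext."""
    otp = otp.strip().lower()
    if len(otp) != 44 or any(c not in MODHEX for c in otp):
        raise ValueError("malformed OTP")
    return otp[:12], bytes.fromhex(modhex_to_hex(otp[12:]))

def check_token(plain, row):
    """plain: the 16 bytes obtained by decrypting with row['yu_aes_key'].
    Returns (new_counter, None) on success or (None, reason) on rejection."""
    if len(plain) != 16 or crc16(plain) != CRC_OK_RESIDUE:
        return None, "bad CRC (wrong AES key or corrupted OTP)"
    uid, ctr, _ts_lo, _ts_hi, use, _rnd, _crc = struct.unpack("<6sHHBBHH", plain)
    if uid.hex() != row["yu_private_id"].lower():
        return None, "private ID mismatch"
    combined = (ctr << 8) | use  # assumption: yu_counter stores this value
    if row["yu_counter"] is not None and combined <= row["yu_counter"]:
        return None, "replayed OTP"
    return combined, None

def sample_plaintext(uid_hex, ctr, use):
    """Constructed test token (not real key output): fixed timestamp/random."""
    body = struct.pack("<6sHHBBH", bytes.fromhex(uid_hex), ctr, 0x1234, 0x56, use, 0xBEEF)
    return body + struct.pack("<H", crc16(body) ^ 0xFFFF)

if __name__ == "__main__":
    row = {"yu_private_id": "0102030405ab", "yu_counter": None}  # constructed row
    token = sample_plaintext("0102030405ab", ctr=7, use=2)
    row["yu_counter"], _ = check_token(token, row)  # first use is accepted
    print(check_token(token, row))                   # same token again is rejected
```

Writing the returned counter back to `yu_counter` in the same transaction as the comparison keeps two concurrent logins from both accepting one OTP.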